on 07-22-2010 12:44 PM
I have a connection issue on one of my SOAP Channels.
I am running Version PI 7.0. Service Pack: 07 Release: NW07_07_REL
the error is:
2010-07-22 12:32:10 Information Message successfully put into the queue.
2010-07-22 12:32:10 Information The message was successfully retrieved from the receive queue.
2010-07-22 12:32:10 Information The message status was set to DLNG.
2010-07-22 12:32:10 Information Delivering to channel: JobPositionPublication_SOAP_Receiver
2010-07-22 12:32:10 Information SOAP: request message entering the adapter with user J2EE_GUEST
2010-07-22 12:32:10 Error SOAP: call failed: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
2010-07-22 12:32:10 Information SOAP: sending a delivery error ack ...
2010-07-22 12:32:10 Information SOAP: sent a delivery error ack
SOAP: call failed: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
we added an SSL certificate via STRUST (and asked for a new certificate). restarted the ICM but the error persists.
i searched the forum and found others had a similar issue, and none of the solutions they used to rectify the issue have so far worked for us.
Has anyone come across this issue and have some suggestions on what/where to fix it?
i have changed settings in the Communication Channel... and the error persists.....
Hi Barry,
>we added an SSL certificate via STRUST (and asked for a new certificate). restarted the ICM but the error persists.
The soap adapter belongs to Java stack, you have to store the certificate there. I assume in PI 7.0 via Visual Admin (newer releases: Netweaver Administrator)
Regards,
Udo
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi experts,
we are facing same error in PI 7.4.
How to change certificate please guide for process.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ram,
You have to make sure that below mentioned points are taken care.
If all the above points are taken care then just restart your channel, It should work fine.
Regards,
Vishnu Srivastava
Well... just when i thought this was all working...
I am now getting the same error again. and this is because i am getting the following error when i go to the website:
There is a problem with this website's security certificate.
The security certificate presented by this website was issued for a different website's address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
any thoughts on how i can by pass this error?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
If there was an intermediate CA, then have you installed it?
Regards,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
the target system provided the certificate.
we loaded it into the NWA.
the Communication channel is set up to use the certificate
and the whole process fails...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
thanks for all the response.
the certificate was in the NWA - Keystore.
It has not expired.
it does have the FQDN.
it is driving me bonkers.....
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
If the end point of the SOAP Call(Server) is configured to accept
a client certificate(mandatory), then make sure that it is configured
correctly in the SOAP channel and it is also within validity period.
(This certificate is the one which is sent to Server for Client
authentication)
Regards,
Caio Cagnani
Hi!
Basically, the main reasons because of which the error mentioned here
comes, are the following:
1. The correct server certificate is not present in the TrustedCA
keystore view of NWA .
Please ensure you have done all the steps described in these two
urls:
Security Configuration at Message Level
http://help.sap.com/saphelp_nw70/helpdata/en/ea/c91141e109ef6fe10000000a1550b0/frameset.htm
2. The server certificate chain contains expired certificate. Check for
it (that was the cause for other customers as well) and if it's the case
renew it or extend the validation.
3. Some other customers have reported similar problem and mainly the
problem was that the certificate chain was not in correct
order. Basically the server certificate chain should be in order
Own->Intermedite->Root. To explain in detail, if your server certificate
is A which is issued by an intermediate CA B and then B's certificate is
issued by the C which is the root CA (having a self signed certificate).
Then your certificate chain contains 3 elements A->B->C. So you need to
have the right order of certificate in the chain. If the order is B
first followed by A followed by C, then the IAIK library used by PI
cannot verify the server as trusted. Please generate the certificate in
the right order and then import this certificate in the TrustedCA
keystore view and try again.
Also check if the correct kestore was imported for the client.
And the CN = Full name of host or IP address of the server.
Regards,
Caio Cagnani
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Barry,
The SOAP adapter uses the J2EE Adapter Engine. Adding a root certificate in STRUST won't do much about your problem. Try and import the root certificate to the approriate keystore in the Visual Administrator. No restart is required.
Alternatively, open the SOAP endpoint in your browser and check whether the SSL connection is valid.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
90 | |
10 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.